lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4583263C.3070403@gmail.com>
Date:	Fri, 15 Dec 2006 23:48:05 +0059
From:	Jiri Slaby <jirislaby@...il.com>
To:	Andrew Morton <akpm@...l.org>
CC:	linux-kernel@...r.kernel.org, Jeff Garzik <jgarzik@...ox.com>,
	linux-ide@...r.kernel.org, Mikael Pettersson <mikpe@...uu.se>
Subject: Re: OOPS: deref 0x14 at pdc_port_start+0x82 [Was: 2.6.20-rc1-mm1]

Andrew Morton wrote:
> On Fri, 15 Dec 2006 15:45:55 +0059
> Jiri Slaby <jirislaby@...il.com> wrote:
> 
>> Andrew Morton wrote:
>>> Temporarily at
>>>
>>> 	http://userweb.kernel.org/~akpm/2.6.20-rc1-mm1/
>>>
>>> Will appear later at
>>>
>>> 	ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.20-rc1/2.6.20-rc1-mm1/
>> The kernel panics at boot in pdc_port_start+0x82 with deref of 0x14:
>> http://www.fi.muni.cz/~xslaby/sklad/pdc_oops.png
>>
>> ATA port is not connected, only 2 SATA disks on my
>> # lspci -vvxs 02:01.0
>> 02:01.0 Mass storage controller: Promise Technology, Inc. PDC40775 (SATA 300
>> TX2plus) (rev 02)
>>         Subsystem: Promise Technology, Inc. PDC40775 (SATA 300 TX2plus)
>>         Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr-
>> Stepping- SERR- FastB2B-
>>         Status: Cap+ 66MHz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort-
>> <TAbort- <MAbort- >SERR- <PERR-
>>         Latency: 72 (1000ns min, 4500ns max), Cache Line Size: 4 bytes
>>         Interrupt: pin A routed to IRQ 19
>>         Region 0: I/O ports at 8000 [size=128]
>>         Region 2: I/O ports at 8400 [size=256]
>>         Region 3: Memory at fb025000 (32-bit, non-prefetchable) [size=4K]
>>         Region 4: Memory at fb000000 (32-bit, non-prefetchable) [size=128K]
>>         [virtual] Expansion ROM at 50000000 [disabled] [size=32K]
>>         Capabilities: [60] Power Management version 2
>>                 Flags: PMEClk- DSI+ D1+ D2- AuxCurrent=0mA
>> PME(D0-,D1-,D2-,D3hot-,D3cold-)
>>                 Status: D0 PME-Enable- DSel=0 DScale=0 PME-
>> 00: 5a 10 73 3d 07 00 30 02 02 00 80 01 01 48 00 00
>> 10: 01 80 00 00 00 00 00 00 01 84 00 00 00 50 02 fb
>> 20: 00 00 00 fb 00 00 00 00 00 00 00 00 5a 10 73 3d
>> 30: 00 00 00 00 60 00 00 00 00 00 00 00 0a 01 04 12
>>
> 
> Presumably
> 
>                 void __iomem *mmio = (void __iomem *) ap->ioaddr.scr_addr;
> 
> gave us a null pointer.
> 
> Something like this:
> 
> diff -puN drivers/ata/sata_promise.c~a drivers/ata/sata_promise.c
> --- a/drivers/ata/sata_promise.c~a
> +++ a/drivers/ata/sata_promise.c
> @@ -294,6 +294,10 @@ static int pdc_port_start(struct ata_por
>  		void __iomem *mmio = (void __iomem *) ap->ioaddr.scr_addr;
>  		unsigned int tmp;
>  
> +		if (!mmio) {
> +			rc = -EDOM;
> +			goto out_kfree;
> +		}
>  		tmp = readl(mmio + 0x014);
>  		tmp = (tmp & ~3) | 1;	/* set bits 1:0 = 0:1 */
>  		writel(tmp, mmio + 0x014);
> _
> 
> should perhaps let you wobble to a state where you can get us the full
> dmesg output, please.
> 
> Actually, that should already be possible simply using netconsole.

I set it up and here it comes:
[    6.779351] ACPI: PCI Interrupt 0000:02:01.0[A] -> GSI 21 (level, low) -> IRQ 19
[    6.779483] sata_promise PATA port found
[    6.779584] ata3: SATA max UDMA/133 cmd 0xF8816200 ctl 0xF8816238 bmdma 0x0
irq 19
[    6.779708] ata4: SATA max UDMA/133 cmd 0xF8816280 ctl 0xF88162B8 bmdma 0x0
irq 19
[    6.779831] BUG: unable to handle kernel NULL pointer dereference at virtual
address 00000014
[    6.779958]  printing eip:
[    6.780020] c02753b9
[    6.780080] *pde = 00000000
[    6.780142] Oops: 0000 [#1]
[    6.780202] SMP
[    6.780328] last sysfs file:
[    6.780389] Modules linked in:
[    6.780488] CPU:    1
[    6.780488] EIP:    0060:[<c02753b9>]    Not tainted VLI
[    6.780490] EFLAGS: 00010202   (2.6.20-rc1-mm1 #203)
[    6.780680] EIP is at pdc_port_start+0x82/0xb0
[    6.780742] eax: 00000001   ebx: f7e3d9a0   ecx: 00000000   edx: 00000000
[    6.780808] esi: f7dcc2e8   edi: 00000000   ebp: c193fe3c   esp: c193fe24
[    6.780873] ds: 007b   es: 007b   fs: 00d8  gs: 0000  ss: 0068
[    6.780938] Process swapper (pid: 1, ti=c193e000 task=c1923a90 task.ti=c193e000)
[    6.781004] Stack: 000000d0 c1a59a80 c1adcc48 f7ea4000 f88162b8 f7dcc2e8
c193fe90 c026c724
[    6.781398]        00000078 00000004 00000053 c043d998 f8816280 f88162b8
00000000 00000013
[    6.781789]        f7ea4000 f7d91b00 f8816280 c1adcc48 00000013 c1adcc00
00000002 c01de64f
[    6.782180] Call Trace:
[    6.782298]  [<c0103f1b>] show_trace_log_lvl+0x1a/0x30
[    6.782396]  [<c0103fd6>] show_stack_log_lvl+0xa5/0xca
[    6.782494]  [<c01041ce>] show_registers+0x1d3/0x2b8
[    6.782591]  [<c01043d4>] die+0x121/0x243
[    6.782690]  [<c01193b0>] do_page_fault+0x2b8/0x5e8
[    6.782788]  [<c0389e74>] error_code+0x7c/0x84
[    6.782885]  [<c026c724>] ata_device_add+0x1b1/0x516
[    6.782983]  [<c027568e>] pdc_ata_init_one+0x2a7/0x3e9
[    6.783081]  [<c01e057e>] pci_device_probe+0x44/0x5f
[    6.783180]  [<c02432a2>] driver_probe_device+0x75/0x12c
[    6.783279]  [<c0243470>] __driver_attach+0x8c/0x8e
[    6.783376]  [<c02428b3>] bus_for_each_dev+0x44/0x62
[    6.783476]  [<c0243161>] driver_attach+0x19/0x1b
[    6.783574]  [<c0242ba7>] bus_add_driver+0x6a/0x188
[    6.783671]  [<c02436c9>] driver_register+0x54/0x84
[    6.783768]  [<c01e06e0>] __pci_register_driver+0x45/0x73
[    6.783865]  [<c0520f34>] pdc_ata_init+0xf/0x1b
[    6.783967]  [<c01004b6>] init+0x10d/0x310
[    6.784063]  [<c0103bbf>] kernel_thread_helper+0x7/0x18
[    6.784160]  =======================
[    6.784224] Code: 00 8b 45 f0 e8 ca 25 e9 ff 89 03 85 c0 74 32 89 9e 54 20 00
00 8b 45 ec f6 00 01 74 b6 89 f0 e8 99 1b ff ff 85 c0 74 ab 8b 56 64 <8b> 42 14
83 e0 fc 83 c8 01 89 42 14 89 f8 83 c4 0c 5b 5e 5f 5d
[    6.786508] EIP: [<c02753b9>] pdc_port_start+0x82/0xb0 SS:ESP 0068:c193fe24
[    6.786641]  <0>Kernel panic - not syncing: Attempted to kill init!
[    6.787970]

regards,
-- 
http://www.fi.muni.cz/~xslaby/            Jiri Slaby
faculty of informatics, masaryk university, brno, cz
e-mail: jirislaby gmail com, gpg pubkey fingerprint:
B674 9967 0407 CE62 ACC8  22A0 32CC 55C3 39D4 7A7E
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ